Snort mailing list archives
Re: [Snort-users] CPU usage grow to max
From: "Alessandro Fiorenzi" <a.iorenzi () libero it>
Date: Wed, 30 Jan 2002 08:44:03 +0100
What output modes are you using?
-Marty
I am using output on mysql, and syslog.
with top I have this:
9:01am up 10 days, 23:17, 1 user, load average: 0.87, 0.74, 0.55
44 processes: 41 sleeping, 3 running, 0 zombie, 0 stopped
CPU0 states: 98.0% user, 1.0% system, 0.0% nice, 0.0% idle
CPU1 states: 0.1% user, 0.0% system, 0.0% nice, 99.0% idle
Mem: 255152K av, 251832K used, 3320K free, 0K shrd, 29460K
buff
Swap: 128480K av, 1636K used, 126844K free 124632K
cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
1050 root 16 0 6996 6996 1152 R 99.6 2.7 7426m snort
18693 admin 10 0 1076 1076 864 R 1.9 0.4 0:00 top
1 root 8 0 544 544 472 S 0.0 0.2 0:04 init
2 root 8 0 0 0 0 SW 0.0 0.0 0:00 keventd
3 root 9 0 0 0 0 SW 0.0 0.0 0:03 kswapd
4 root 9 0 0 0 0 SW 0.0 0.0 0:00 kreclaimd
5 root 9 0 0 0 0 SW 0.0 0.0 0:00 bdflush
6 root 9 0 0 0 0 SW 0.0 0.0 0:00 kupdated
7 root -1 -20 0 0 0 SW< 0.0 0.0 0:00 mdrecoveryd
609 root 9 0 588 588 488 S 0.0 0.2 0:15 syslog
and with vmstat I have the following:
[admin@lupin3 admin]$ vmstat 1
procs memory swap io system
cpu
r b w swpd free buff cache si so bi bo in cs us
sy id
1 0 0 1636 3408 29472 124652 0 0 0 0 16 2 1
1 8
1 0 0 1636 3412 29472 124652 0 0 0 0 713 162 37
1 62
1 0 0 1636 3404 29472 124652 0 0 0 0 775 137 42
0 58
0 0 0 1636 3404 29472 124652 0 0 0 0 781 290 38
0 62
1 0 0 1636 3412 29472 124652 0 0 0 0 895 222 38
2 60
1 0 0 1636 3412 29472 124652 0 0 0 0 952 90 46
0 54
0 0 0 1636 3404 29472 124652 0 0 0 0 740 233 34
0 66
1 0 0 1636 3412 29472 124652 0 0 0 4 801 305 36
2 62
0 0 0 1636 3404 29472 124652 0 0 0 1 872 106 44
0 56
1 0 0 1636 3412 29472 124652 0 0 0 0 1142 12 50
0 50
1 0 0 1636 3412 29472 124652 0 0 0 0 991 8 49
1 50
1 0 0 1636 3412 29472 124652 0 0 0 0 1001 8 50
0 50
1 0 0 1636 3412 29472 124652 0 0 0 0 854 194 40
1 58
1 0 0 1636 3412 29472 124652 0 0 0 0 797 88 44
0 56
1 0 0 1636 3412 29472 124652 0 0 0 0 823 82 42
0 58
1 0 0 1636 3412 29472 124652 0 0 0 0 761 256 36
0 64
1 0 0 1636 3404 29472 124652 0 0 0 0 840 225 39
0 61
1 0 0 1636 3412 29472 124652 0 0 0 8 727 297 35
0 65
1 0 0 1636 3412 29472 124652 0 0 0 0 1161 46 49
0 51
1 0 0 1636 3412 29472 124652 0 0 0 0 1066 26 49
0 51
So I have no I/O problem but cpu usage problem, bandwith is 16Mbit with
an usage of 8-12Mbit.
rtin Roesch - Founder/CEO Sourcefire Inc. - (410) 552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org
On 1/29/02 12:11 PM, "Alessandro Fiorenzi" <a.iorenzi () libero it> wrote:Hi, I have installed a snort sensor on a Pentium III 733MHz to monitor 3 C class traffic, but I see everytime cpu usage 100% is it possible? On this machine I have two processor but snort use only one processor, is there any way to use two processor?
Current thread:
- Re: [Snort-users] CPU usage grow to max Alessandro Fiorenzi (Jan 30)
- Re: CPU usage grow to max Martin Roesch (Jan 30)
- Re: CPU usage grow to max Michael Anderson (Jan 30)
- Re: CPU usage grow to max Martin Roesch (Jan 30)